dhanikkeraliya/laravel-securescan
Composer 安装命令:
composer require dhanikkeraliya/laravel-securescan
包简介
A powerful security scanner for Laravel applications with CLI and web dashboard support to detect vulnerabilities like SQL Injection, XSS, secrets, and misconfigurations.
README 文档
README
🚀 Overview
Laravel SecureScan is a powerful security analysis tool for Laravel applications.
##🔥 Real-time Laravel security scanner with live dashboard (no queue required)
It scans your codebase to detect:
- 🔴 Critical vulnerabilities (SQL Injection, XSS, Secrets)
- 🟡 Security misconfigurations
- 🟢 Best practice issues
It provides:
- ⚡ CLI-based scanning
- 📊 Real-time web dashboard
- 📁 Detailed findings with fixes
🔥 Features
✅ CLI Scanner
- Real-time progress bar
- Colored severity output
- Detailed issue + fix suggestions
✅ Web Dashboard
- Live scanning (no queue required)
- Progress tracking
- Severity charts (High / Medium / Low)
- Live logs (terminal-style)
- Findings table
✅ Security Checks
🔴 High Severity
- SQL Injection detection
- XSS vulnerabilities
- Hardcoded secrets
- ENV exposure
- Dangerous PHP functions
- Sensitive data logging
🟡 Medium Severity
- Missing authorization
- Mass assignment issues
- File upload risks
- Open redirects
- Rate limiting issues
- Unvalidated input
🟢 Low Severity
- Weak random usage
- Hardcoded URLs
📦 Installation
composer require dhanikkeraliya/laravel-securescan
⚙️ Configuration
Publish config:
php artisan vendor:publish --tag=securescan-config
🔍 Usage
CLI Scan
php artisan security:scan
Web Dashboard
http://localhost:8000/_securescan
🚫 Ignore Rules (.securescan-ignore)
Laravel SecureScan allows you to ignore specific files, patterns, or rules using a .securescan-ignore file placed in the project root.
This helps reduce noise and avoid false positives in your scans.
📄 Example
Create a file:
.securescan-ignore
Add rules like:
# Ignore specific files app/Models/Test.php # Ignore by pattern */Seeder.php # Ignore by rule SQL Injection XSS
🔍 Supported Ignore Types
1. Ignore Specific File
app/Models/Test.php
2. Ignore by Pattern
*/Seeder.php
3. Ignore by Rule Type
SQL Injection XSS
⚙️ Usage
Run scan with ignore rules enabled:
php artisan security:scan --ignore
⚠️ Important Notes
-
Ignore rules are applied after scan results are generated
-
Rule matching is based on:
- File path
- Finding type (e.g., SQL Injection)
-
Keep rules minimal to avoid hiding real vulnerabilities
💡 Best Practice
Use ignore rules only when:
- You have verified a false positive
- The issue is intentionally handled in your code
Avoid blindly ignoring critical issues.
🖥️ Dashboard Preview
CLI Output
Why SecureScan?
Most Laravel security tools:
- Only scan dependencies ❌
- No UI ❌
- No real-time feedback ❌
SecureScan provides:
- Code-level scanning ✅
- Real-time dashboard ✅
- Developer-friendly output ✅
🤝 Contributing
Contributions are welcome!
Steps:
- Fork the repo
- Create feature branch
- Submit PR
🔐 Security
If you find any vulnerabilities, please check SECURITY.md.
📄 License
MIT License
dhanikkeraliya/laravel-securescan 适用场景与选型建议
dhanikkeraliya/laravel-securescan 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 12 次下载、GitHub Stars 达 7, 最近一次更新时间为 2026 年 04 月 19 日, 在 PHP 生态内属于活跃度较高的组件。
它主要适用于以下技术方向: 「php」 「security」 「laravel」 「scanner」 「xss」 「vulnerability」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。
我们在过去多个企业项目中使用过 dhanikkeraliya/laravel-securescan 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 dhanikkeraliya/laravel-securescan 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
与 dhanikkeraliya/laravel-securescan 相关的其它包
同方向 / 同关键字的高下载量 PHP Composer 包推荐,方便对比选型:
Provide a way to secure accesses to all routes of an symfony application.
It's a barebone security class written on PHP
Contao CMS integrity check for some files
A PHP security linter to detect insecure functions like var_dump, print_r, and other dangerous functions in your codebase
Alfabank REST API integration
Cbox SSRF — a hardened, config-driven guard against server-side request forgery for outbound URLs in Laravel. Blocks private/reserved/cloud-metadata targets, pins DNS, and refuses redirects.
统计信息
- 总下载量: 12
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 8
- 点击次数: 51
- 依赖项目数: 0
- 推荐数: 0
其他信息
- 授权协议: MIT
- 更新时间: 2026-04-19